New potential DoS vulnerability

John Bailey rekkanoryo at rekkanoryo.org
Wed Dec 22 18:39:05 EST 2010


Hi, packagers.

We have yet another potential denial of service vulnerability in our MSN code.
It's a null pointer dereference due to receiving a "short" packet for a direct
connection.  This vulnerability was discovered by Stu Tomlinson, and Elliott
Sales de Andrade provided the attached patch, which he believes fixes the issue.

I believe, but am not certain, that this vulnerability *should* affect only
libpurple 2.7.6, 2.7.7, and 2.7.8, as previous versions do not cause the MSN
servers to send us the "short" packets that cause the crash.  Any developer with
better knowledge of this should chime in and correct my mistakes (if any).

I was supposed to include this in the 2.7.8 release this past weekend, but
missed it.  I am planning to release 2.7.9 late Sunday evening with this patch
included, but you may wish instead to simply patch your existing packages.  It's
unlikely that 2.7.9 will include any significant new development work, being so
close to the Christmas holiday.

John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: purple-msn-dc-null-deref.diff
Type: text/x-patch
Size: 1094 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/packagers/attachments/20101222/823208e4/attachment.bin>